SAML 2.0 IdP Metadata
Her er metadata generert av SimpleSAMLphp for deg. Du kan senda dette metadata-dokumentet til dine partnarar, slik at de kan setja opp ein tillitsføderasjon.
Du kan få metadata i XML på ein URL:
https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php
Metadata
På SAML 2.0 metadata XML-format
<?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php"> <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:Extensions> <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">sanren.ac.za</shibmd:Scope> <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">csir.co.za</shibmd:Scope> <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> <mdui:DisplayName xml:lang="en">SANReN Competency Area</mdui:DisplayName> <mdui:Description xml:lang="en">To authenticate SANReN Competency Area staff</mdui:Description> <mdui:InformationURL xml:lang="en">http://www.sanren.ac.za</mdui:InformationURL> </mdui:UIInfo> <mdui:DiscoHints xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> <mdui:IPHint>146.64.0.0/16</mdui:IPHint> <mdui:DomainHint>sanren.ac.za</mdui:DomainHint> <mdui:DomainHint>csir.co.za</mdui:DomainHint> <mdui:GeolocationHint>geo:-25.755799,28.2749455;u=50</mdui:GeolocationHint> </mdui:DiscoHints> </md:Extensions> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SingleLogoutService.php"/> <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SSOService.php"/> </md:IDPSSODescriptor> <md:Organization> <md:OrganizationName xml:lang="en">Council for Scientific and Industrial Research</md:OrganizationName> <md:OrganizationName xml:lang="af">Wetenskaplike en Nywerheidnavorsingsraad</md:OrganizationName> <md:OrganizationDisplayName xml:lang="en">SANReN Competency Area</md:OrganizationDisplayName> <md:OrganizationURL xml:lang="en">http://www.sanren.ac.za/</md:OrganizationURL> </md:Organization> <md:ContactPerson contactType="support"> <md:GivenName>SANReN Sysadmins</md:GivenName> <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress> <md:TelephoneNumber>+27.12.841.2308</md:TelephoneNumber> </md:ContactPerson> <md:ContactPerson contactType="technical"> <md:GivenName>SANReN Sysadmin Support</md:GivenName> <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress> <md:TelephoneNumber>+27.12.841.2308</md:TelephoneNumber> </md:ContactPerson> <md:ContactPerson contactType="other" xmlns:remd="http://refeds.org/metadata" remd:contactType="http://refeds.org/metadata/contactType/security"> <md:GivenName>SANReN CSIRT</md:GivenName> <md:EmailAddress>mailto:csirt@sanren.ac.za</md:EmailAddress> <md:TelephoneNumber>+27.12.841.4111</md:TelephoneNumber> </md:ContactPerson> <md:ContactPerson contactType="technical"> <md:GivenName>Administrators</md:GivenName> <md:EmailAddress>mailto:sysadmin@sanren.ac.za</md:EmailAddress> </md:ContactPerson> </md:EntityDescriptor>
På flat fil for SimpleSAMLphp. Bruk denne dersom du bruker SimpleSAMLphp på andre sida:
$metadata['https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php'] = [ 'metadata-set' => 'saml20-idp-remote', 'entityid' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/metadata.php', 'SingleSignOnService' => [ [ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SSOService.php', ], ], 'SingleLogoutService' => [ [ 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://googleidp.sanren.ac.za/simplesaml/saml2/idp/SingleLogoutService.php', ], ], 'certData' => 'MIIDBDCCAewCCQCSnXYfQItNdjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwHhcNMTgwNjE0MDY0ODQ1WhcNMjgwNjEzMDY0ODQ1WjBEMQswCQYDVQQGEwJaQTEUMBIGA1UECgwLQ1NJUiBTQU5SZU4xHzAdBgNVBAMMFmdvb2dsZWlkcC5zYW5yZW4uYWMuemEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOMgXJN5C+cYpsTialdRL52x6bqkWp4TJaTT3fyYJE1AzpkmDyXV/Np939oVDifi+gs3iRg/RzFYvljuI7yUabwYY0WeoktVj9Di3H4B96k/a7VYj9dS/3YbV8VE9DPRixGzqKv3G1/lAF+uxd85yPl0Mutn0+0FEGiKeGR/o3Dy3RPSfWOvMvc2GhcAEW83LLDPDUppIZrHI6GryqoLvKVcuXs4+CLP5+qc81FNlJSj65X8P1yyGyV9lwuxraSXe2HFOgyAN4ZrS2MTQmi9Ttb8q3Wqstq02Ugx1ZwXfXSEAFnaEaUf9l6EOC4vmTCtlEr0+SGVFscFKN/AMbEqNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJC3P44IodWKHwt2uPmSS33cA8rbTQR9L+j69TbvJ0lvjJ6utbdXCVysnMnRYsY68cl9kGK0a+Yxf3FqekH5V5mUcuQCgQIFxfqDX8udu/BzoFJ8XJWWZ/RYYY/FOeE8Y8y9hz9bS2MXhzgV7fsZfDPRfzrAxzokD3TNOTrIpeNxA9ccJoguHMnp1k/KWlv0Ij4IjHDGKIG4NZcLWW/CUNdYu5WHzpzgj0Y+gOaVZsofhMakpLuYWwQhioH9jW5SF+1jHIWPSfxd8PWLYiq5pOKGO8CHhq6C07fPS6ngkiyQiXI5pdUqMxUUd86GmVuJ3fUk/+PW0InXcsl7eaUlLbY=', 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'OrganizationName' => [ 'en' => 'Council for Scientific and Industrial Research', 'af' => 'Wetenskaplike en Nywerheidnavorsingsraad', ], 'OrganizationDisplayName' => [ 'en' => 'SANReN Competency Area', ], 'OrganizationURL' => [ 'en' => 'http://www.sanren.ac.za/', ], 'scope' => [ 'sanren.ac.za', 'csir.co.za', ], 'UIInfo' => [ 'DisplayName' => [ 'en' => 'SANReN Competency Area', ], 'Description' => [ 'en' => 'To authenticate SANReN Competency Area staff', ], 'InformationURL' => [ 'en' => 'http://www.sanren.ac.za', ], ], 'DiscoHints' => [ 'IPHint' => [ '146.64.0.0/16', ], 'DomainHint' => [ 'sanren.ac.za', 'csir.co.za', ], 'GeolocationHint' => [ 'geo:-25.755799,28.2749455;u=50', ], ], 'contacts' => [ [ 'contactType' => 'support', 'emailAddress' => 'mailto:sysadmin@sanren.ac.za', 'givenName' => 'SANReN Sysadmins', 'telephoneNumber' => '+27.12.841.2308', ], [ 'contactType' => 'technical', 'emailAddress' => 'mailto:sysadmin@sanren.ac.za', 'givenName' => 'SANReN Sysadmin Support', 'telephoneNumber' => '+27.12.841.2308', ], [ 'contactType' => 'other', 'emailAddress' => 'mailto:csirt@sanren.ac.za', 'givenName' => 'SANReN CSIRT', 'telephoneNumber' => '+27.12.841.4111', 'attributes' => [ 'xmlns:remd' => 'http://refeds.org/metadata', 'remd:contactType' => 'http://refeds.org/metadata/contactType/security', ], ], [ 'emailAddress' => 'sysadmin@sanren.ac.za', 'contactType' => 'technical', 'givenName' => 'Administrators', ], ], ];
Sertifikat
Last ned X509-sertifikat som PEM-koda filer